EP0695989B1 - Inversion circuit for galois field elements - Google Patents


Publication number
EP0695989B1
EP0695989B1 EP95410080A EP95410080A EP0695989B1 EP 0695989 B1 EP0695989 B1 EP 0695989B1 EP 95410080 A EP95410080 A EP 95410080A EP 95410080 A EP95410080 A EP 95410080A EP 0695989 B1 EP0695989 B1 EP 0695989B1
Authority
EP
European Patent Office
Prior art keywords
circuit
output
power
receiving
adder
Legal status
Expired - Lifetime
Application number
EP95410080A
Other languages
German (de)
French (fr)
Other versions
EP0695989A1 (en
Inventor
Jacques Meyer
Current Assignee
STMicroelectronics SA
Original Assignee
STMicroelectronics SA

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/60 Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
    • G06F7/72 Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
    • G06F7/724 Finite field arithmetic
    • G06F7/726 Inversion; Reciprocal calculation; Division of elements of a finite field
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2207/00 Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F2207/72 Indexing scheme relating to groups G06F7/72 - G06F7/729
    • G06F2207/7209 Calculation via subfield, i.e. the subfield being GF(q) with q a prime power, e.g. GF ((2**m)**n) via GF(2**m)

Description

The present invention relates to circuits for performing calculations on elements of a Galois field, and in particular to a circuit for calculating the inverses of these elements.

A Galois field is a finite set of binary numbers used, for example, for correcting errors in data transmissions by means of Reed-Solomon coding and decoding.

The set of n-bit binary numbers forms a Galois field of $2^n = N+1$ elements, on which an internal addition and an internal multiplication are defined, i.e. such that the sum or the product of two numbers of the field is also a number of the field. The addition of two numbers consists in performing a bit-by-bit exclusive OR between the two numbers. It follows that, if x is any element of the field, $x + x = 2x = 0$.

Multiplication is an ordinary multiplication of two n-bit binary numbers as long as it does not generate a carry, i.e. as long as the result has no bits at 1 of weight greater than n-1. As soon as a carry is generated, it is combined by exclusive OR with predetermined bits among the bits of weight 0 to n-1, defined by a polynomial called the generator polynomial of the Galois field.

Any non-zero element of the Galois field is a power of another non-zero, non-unit element of this field. In a Galois field of N+1 elements, these powers are defined modulo N, i.e. $x^i = x^{i+N}$, where x is a non-zero, non-unit element of the Galois field and i is a positive or negative integer. The elements of a Galois field of N+1 elements are denoted $0, \alpha^0, \alpha^1, \dots, \alpha^{N-1}$. The elements $\alpha^0$ to $\alpha^{N-1}$ are the numbers $2^0, 2^1, \dots, 2^{N-1}$ constituting the base of the n-bit binary numbers.

To calculate correction coefficients in a Reed-Solomon decoder, it is necessary to calculate ratios y/x, where y and x are numbers calculated by the decoder that can take any values. For this, y is generally multiplied by the inverse of x.

To calculate an inverse, a table of inverses stored in a ROM can be used. However, a ROM does not lend itself well to integration among the other processing circuits with current integrated circuit design techniques. With these techniques, the ROM must be placed outside the area in which the other elements of the processing circuit are integrated. This results in a notable loss of surface area, even though a ROM itself occupies a relatively small area.

Another solution is to obtain the inverses in hard-wired fashion, using logic gates. However, the number of connections between the logic gates needed to perform the inversion function is so large that the corresponding metallizations occupy an area equivalent to the area lost by using a ROM, despite the fact that the hard-wired inverter can be integrated in the same area as the processing circuits.

Other solutions are described in documents WO-A-89 01660 and GB-A-2 155 219.

An object of the present invention is to provide an inverter for elements of a Galois field that occupies a particularly small surface area.

This object is achieved by a circuit according to claim 1.

According to an embodiment of the present invention, the circuit for raising to the power t comprises n groups of gates, the i-th of which (i = 0, 1, ..., n-1) provides or not the i-th non-zero element of the Galois field depending on the state 1 or 0 of the i-th bit of the number to be raised to the power t; and n-1 adders, the j-th of which (j = 1, 2, ..., n-1) receives the output of the j-th group of gates and the output of the (j-1)-th adder, the first adder receiving the outputs of the first two groups of gates.

These objects, features and advantages of the present invention, as well as others, are set out in more detail in the following non-limiting description of particular embodiments, given with reference to the attached figures, among which:

  • Figure 1 shows an inversion circuit;
  • Figure 2 shows a circuit for raising to a power that is a power of two, used in the inversion circuit of Figure 1;
  • Figure 3 shows an embodiment of some of the elements of the circuit of Figure 1; and
  • Figure 4 shows an embodiment according to the present invention of some of the elements of the circuit of Figure 1.
As described in particular in WO-A-89 01660, the inverse $x^{-1}$ of an n-bit number x is expressed in the form: $x^{-1} = x^t / x^{t+1}$, with $t = 2^{n/2}$. (1)

The number $x^t$ is particularly easy to calculate, as will be seen later, because it is a number raised to a power that is itself a power of 2 ($t = 2^{n/2}$).

The number $x^{t+1}$ is a (t-1)-th root of unity because $(x^{t+1})^{t-1} = x^{t^2-1} = x^{2^n-1} = x^N = 1$. Consequently, $x^{t+1}$, whatever the value of x, takes only one of the t-1 values $\alpha^{t+1}, \alpha^{2(t+1)}, \dots, \alpha^{(t-1)(t+1)}$. These t-1 values are denoted below $\beta, \beta^2, \dots, \beta^{t-1}$ respectively.

Thus, one is led to calculate the inverse of the number $x^{t+1}$, which has only $t-1 = 2^{n/2}-1$ possible values $\beta, \beta^2, \dots, \beta^{t-1}$ instead of the $2^n-1$ possible values of the inverse of an arbitrary number. For example, if n = 8, the number $x^{t+1}$ has 15 possible values instead of 255. An inverter for the number $x^{t+1}$ therefore occupies notably less area than an inverter for an arbitrary number, whether it is built with a table in ROM or with logic circuits. In addition, it suffices to supply this inverter with only those bits of the number $x^{t+1}$ that make it possible to distinguish the t-1 possible values of $x^{t+1}$.

Figure 1 shows an inverter circuit obtained directly from decomposition (1) above. The n-bit number x is supplied to a circuit 10 for raising to the power t. A multiplier 12 receives the output of circuit 10 on a first input and the number x on a second input. An inverter 14 receives the output, $x^{t+1}$, of multiplier 12 and provides the corresponding inverse, $x^{-(t+1)}$, to a first input of a multiplier 16. As previously indicated, inverter 14 needs to provide only t-1 values. Multiplier 16 receives the output of circuit 10 on a second input and provides the sought inverse $x^{-1}$.

Circuit 10 for raising to the power t, t being a power of 2, is particularly simple to implement for the reasons explained below.

The number x is expressed as $x = x_0\alpha^0 + x_1\alpha^1 + x_2\alpha^2 + \dots + x_{n-1}\alpha^{n-1}$, where $x_0, x_1, \dots, x_{n-1}$ are the values of the bits of increasing weight of the number x.

When the number x is raised to the power t, t being a power of 2, the right-hand side is raised to the power t, which yields the sum of the terms $x_i\alpha^{it}$ and of additional terms that are each repeated an even number of times. Because the sum over the Galois field is a bit-by-bit exclusive OR, all these additional terms cancel out. Thus: $x^t = x_0\alpha^0 + x_1\alpha^t + x_2\alpha^{2t} + \dots + x_{n-1}\alpha^{(n-1)t}$.

Figure 2 shows a circuit for raising to the power t built directly from this equation. Each bit $x_i$ (i = 0, 1, ..., n-1) is associated with a group of AND gates 18 which receive bit $x_i$ on first inputs and the respective bits of the number $\alpha^{it}$ on second inputs. Thus, each number $\alpha^{it}$ is transmitted to the output of the corresponding group 18 if $x_i = 1$. A first adder 20 receives on a first input the output of the group 18 associated with bit $x_0$ and on a second input the output of the group 18 associated with bit $x_1$. Additional adders 20 are associated respectively with the remaining groups 18, and each receives on a first input the output of the associated group 18 and on a second input the output of the preceding adder 20. The last adder 20 provides the number $x^t$.

Of course, in each group of AND gates 18 associated with a bit $x_i$, AND gates are provided only for the non-zero bits of the number $\alpha^{it}$. Likewise, the adders 20 (groups of exclusive OR gates) can also be simplified by taking into account the fact that some of their input lines are always in a constant state.

Figure 3 shows an embodiment of a circuit intended to advantageously replace inverter 14 and multiplier 16 of Figure 1. This circuit comprises n/2 constant multipliers 22. The multiplication constants are respectively the numbers $\beta^{2^i}$, where i varies from 0 to n/2-1.

Each multiplier 22 is associated with a multiplexer 24 which receives on a first channel the output of the multiplier and on a second channel the output of the preceding multiplexer, which is also supplied to the input of the multiplier. With this arrangement, by suitably selecting the multiplexers 24, a multiplication by any value $\beta^i$ is obtained, where i varies from 1 to t-1. The first multiplier 22 and the first multiplexer 24 receive the number $x^t$ delivered by circuit 10. The last multiplexer 24 provides the sought inverse $x^{-1}$. A decoder 26, receiving the number $x^{t+1}$ supplied by multiplier 12, controls the multiplexers 24 so as to place in series those multipliers 22 whose constants have a product equal to the inverse of $x^{t+1}$.

The circuit of Figure 3 is particularly simple because it uses constant multipliers; providing n/2 of them with associated multiplexers remains simpler than providing a full multiplier 16. In addition, decoder 26 has only n/2 outputs instead of the n outputs required in the case of Figure 1. As in the case of Figure 1, to control decoder 26, it is supplied only with those bits of the number $x^{t+1}$ that make it possible to distinguish the t-1 possible values of $x^{t+1}$.

In some applications, the structure of Figure 3 might not be fast enough because the number $x^t$ must sometimes pass through a large number of multipliers 22, each of which introduces a delay.

Figure 4 shows a particularly fast embodiment according to the present invention. The number $x^t$ is supplied in parallel to t/2 constant multipliers 40. The constants are respectively $\beta_1$ to $\beta_{t/2-1}$. The constants $\beta_1$ to $\beta_{t/2-1}$ are t/2-1 (t-1)-th roots of unity, distinct from each other and from unity, and such that the remaining t/2-1 roots are $1+\beta_1$ to $1+\beta_{t/2-1}$. Indeed, over a Galois field, if a number r is a p-th root of unity, the number r+1 is one as well (p being any integer less than N+1).

A multiplexer 42 receives the outputs of the multipliers 40 and selects one of them as a function of a control signal supplied by a decoder 44. The output of multiplexer 42 is supplied to a first input of an adder 46, which receives on a second input the output of a group of AND gates 48. A first input of the gates 48 receives an output of decoder 44, which takes a state that depends on the parity of the inverse of the number $x^{t+1}$.

The second inputs of the gates 48 respectively receive the bits of the number $x^t$. Thus, the number $x^t$ is or is not added to the output of multiplexer 42 depending on the value of the number $x^{t+1}$. With this configuration, $x^t$ is multiplied by $\beta_i$ or $1+\beta_i$ (i = 1, 2, ..., t/2-1), i.e. by one or the other of two distinct (t-1)-th roots of unity. Decoder 44, as a function of the n-1 most significant bits of the number $x^{t+1}$, selects the appropriate multiplier 40 so that the number $\beta_i$ or $1+\beta_i$ by which $x^t$ is finally multiplied is the inverse of the number $x^{t+1}$. In addition, the decoder receives only those bits of the number $x^{t+1}$ that make it possible to distinguish the t/2-1 roots $\beta_1$ to $\beta_{t/2-1}$.

    Bien entendu, parmi les racines (t-1)èmes de l'unité, il y a l'unité. Si le nombre xt+1 est égal à 1, le nombre xt est aussi égal à 1, alors, par exemple, le multiplexeur 42 est sélectionné pour fournir le nombre 0 à l'additionneur 46 qui fournit alors la valeur 1/(xt) par l'intermédiaire du groupe de portes 48.Of course, among the roots (t-1) th of unity, there is unity. If the number x t + 1 is equal to 1, the number x t is also equal to 1, then, for example, the multiplexer 42 is selected to supply the number 0 to the adder 46 which then supplies the value 1 / ( x t ) through door group 48.
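The data path described above (circuit 10, multiplier 12, constant multipliers 40, multiplexer 42, decoder 44, gates 48, adder 46) can be modelled in software; the following is an added example, not code from the patent. It assumes n = 8 with the reduction polynomial 0x11B in polynomial basis, uses hypothetical names throughout, and models the decoder as a lookup on the full value x^(t+1) rather than on a subset of its bits.

```python
# Added example. Assumed parameters: n = 8, polynomial 0x11B, polynomial basis.
N_BITS = 8
POLY = 0x11B
T = 1 << (N_BITS // 2)            # t = 2^(n/2) = 16


def gf_mul(a, b):
    """Complete multiplier: carry-less product reduced modulo POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a >> N_BITS:
            a ^= POLY
        b >>= 1
    return r


def gf_pow(a, e):
    """Square-and-multiply exponentiation in the field."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r


# Nonzero elements of the subfield of t elements (y^t == y):
# exactly the (t-1)th roots of unity.
SUBFIELD = [y for y in range(1, 1 << N_BITS) if gf_pow(y, T) == y]

# One constant multiplier 40 per pair {beta, 1 + beta}; keep the even member.
BETAS = [b for b in SUBFIELD if b & 1 == 0]

# Decoder 44: y = x^(t+1) -> (constant chosen by mux 42, enable for gates 48).
# The enable bit is the parity (least significant bit) of 1/y = y^(t-2).
DECODER = {}
for y in SUBFIELD:
    inv_y = gf_pow(y, T - 2)
    DECODER[y] = (inv_y & ~1, inv_y & 1)


def invert(x):
    if x == 0:
        return 0                  # zero has no inverse; 0 by convention here
    xt = gf_pow(x, T)             # circuit 10: x^t
    y = gf_mul(x, xt)             # multiplier 12: x^(t+1), lies in SUBFIELD
    beta, add_xt = DECODER[y]
    return gf_mul(beta, xt) ^ (xt if add_xt else 0)   # adder 46
```

For y = 1 the decoder entry is (0, 1): the multiplexer contributes 0 and the gates pass x^t, which is the special case described in the last paragraph above.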

    Claims (2)

    1. A circuit for inverting a number (x) of n bits of a finite field of 2^n = N+1 elements, comprising:
      a circuit (10) for raising to the power t = 2^(n/2), receiving the number to invert (x);
      a first complete multiplier (12) receiving the number to invert and the output of the circuit for raising to the power t; and
      a circuit (14, 16) for providing the product of the output of the circuit for raising to the power t and of the inverse of the output of the first complete multiplier;
      characterized in that said circuit for providing the product comprises:
      t/2 - 1 multipliers (40) for multiplying by a constant, whose constants are (t-1)th roots of the unit, distinct one from the other and from the unit, each receiving the output of the circuit (10) for raising to the power t;
      a multiplexer (42) controlled by a decoder (44) for selecting the output of one of the multipliers by a constant as a function of the output of the first complete multiplier (12), and
      an adder receiving the output of the multiplexer and, depending upon the output of the first complete multiplier, value 0 or the number to invert (x) raised to the power t.
    2. The circuit of claim 1, characterized in that the circuit (10) for raising to the power t comprises:
      n groups of gates (18), the i-th group (i=0, 1... n-1) providing or not the i-th non-zero element of the finite field depending upon the state 1 or 0 of the i-th bit of the number to be raised to the power t; and
      n-1 adders (20), the j-th adder (j=1, 2... n-1) receiving the output of the j-th group of gates and the output of the (j-1)th adder, the first adder receiving the outputs of the first two groups of gates.
    EP95410080A 1994-08-05 1995-08-02 Inversion circuit for galois field elements Expired - Lifetime EP0695989B1 (en)

    Applications Claiming Priority (2)

    Application Number Priority Date Filing Date Title
    FR9409927 1994-08-05
    FR9409927A FR2723455B1 (en) 1994-08-05 1994-08-05 CIRCUIT FOR INVERTING ELEMENTS OF A GALOIS FIELD

    Publications (2)

    Publication Number Publication Date
    EP0695989A1 EP0695989A1 (en) 1996-02-07
    EP0695989B1 true EP0695989B1 (en) 2002-06-05

    Family

    ID=9466247

    Family Applications (1)

    Application Number Title Priority Date Filing Date
    EP95410080A Expired - Lifetime EP0695989B1 (en) 1994-08-05 1995-08-02 Inversion circuit for galois field elements

    Country Status (5)

    Country Link
    US (1) US5612910A (en)
    EP (1) EP0695989B1 (en)
    JP (1) JP2803601B2 (en)
    DE (1) DE69526887T2 (en)
    FR (1) FR2723455B1 (en)

    Families Citing this family (10)

    * Cited by examiner, † Cited by third party
    Publication number Priority date Publication date Assignee Title
    GB9707861D0 (en) * 1997-04-18 1997-06-04 Certicom Corp Arithmetic processor
    US6009450A (en) * 1997-12-24 1999-12-28 Motorola, Inc. Finite field inverse circuit
    US6052704A (en) * 1998-01-12 2000-04-18 National Science Council Exponentiation circuit and inverter based on power-sum circuit for finite field GF(2^m)
    US6199087B1 (en) * 1998-06-25 2001-03-06 Hewlett-Packard Company Apparatus and method for efficient arithmetic in finite fields through alternative representation
    US6199088B1 (en) * 1998-06-30 2001-03-06 Quantum Corp. Circuit for determining multiplicative inverses in certain galois fields
    JP3659320B2 (en) * 2000-06-21 2005-06-15 インターナショナル・ビジネス・マシーンズ・コーポレーション Multiplication module, multiplication inverse element operation circuit, multiplication inverse element operation control system, device using the multiplication inverse element operation, encryption device, error correction decoder
    US20040158597A1 (en) * 2001-04-05 2004-08-12 Ye Ding Feng Method and apparatus for constructing efficient elliptic curve cryptosystems
    US7895253B2 (en) 2001-11-30 2011-02-22 Analog Devices, Inc. Compound Galois field engine and Galois field divider and square root engine and method
    US7089276B2 (en) * 2002-10-18 2006-08-08 Lockheed Martin Corp. Modular Galois-field subfield-power integrated inverter-multiplier circuit for Galois-field division over GF(256)
    JP4595055B2 (en) * 2005-11-07 2010-12-08 ルネサスエレクトロニクス株式会社 Galois field α multiplication circuit and arithmetic circuit

    Family Cites Families (8)

    * Cited by examiner, † Cited by third party
    Publication number Priority date Publication date Assignee Title
    JPS60186942A (en) * 1984-02-24 1985-09-24 Victor Co Of Japan Ltd Digital multiplier circuit
    US4975867A (en) * 1987-06-26 1990-12-04 Digital Equipment Corporation Apparatus for dividing elements of a Galois Field GF(2^QM)
    CA1310421C (en) * 1987-08-24 1992-11-17 C. Michael Riggle High bandwidth reed-solomon encoding, decoding and error correcting circuit
    JP2532917B2 (en) * 1988-04-20 1996-09-11 三洋電機株式会社 Data error detection circuit
    DE3855497T2 (en) * 1988-10-18 1997-03-13 Philips Electronics Nv Data processing device for calculating a multiplicatively inverted element of a finite body
    US4994995A (en) * 1990-03-14 1991-02-19 International Business Machines Corporation Bit-serial division method and apparatus
    DE69406857T2 (en) * 1993-06-30 1998-05-20 Philips Electronics Nv Interface circuit and booster circuit containing this circuit
    EP0727066A4 (en) * 1993-11-04 1997-01-15 Cirrus Logic Inc Finite field inversion

    Also Published As

    Publication number Publication date
    FR2723455B1 (en) 1996-10-31
    JP2803601B2 (en) 1998-09-24
    US5612910A (en) 1997-03-18
    EP0695989A1 (en) 1996-02-07
    JPH08107366A (en) 1996-04-23
    DE69526887D1 (en) 2002-07-11
    DE69526887T2 (en) 2002-11-14
    FR2723455A1 (en) 1996-02-09

    Similar Documents

    Publication Publication Date Title
    EP0695989B1 (en) Inversion circuit for galois field elements
    FR2605769A1 (en) POLYNOMIAL OPERATOR IN THE BODIES OF GALOIS AND DIGITAL SIGNAL PROCESSING PROCESSOR HAVING SUCH AN OPERATOR
    FR2788867A1 (en) Arithmetic method and implementation for cryptographic processing
    EP0692762B1 (en) Parallel multiplication logical circuit
    FR2484172A1 (en) METHOD AND DEVICE FOR GENERATING A SERIES OF INTERPOLINE SAMPLES
    EP0703528B1 (en) Electronic circuit for modulo computation in a finite field
    EP0690585B1 (en) Reed-Solomon decoder
    EP0174678B1 (en) Echo canceller using delta modulation
    FR2488079A1 (en) DIGITAL FILTERING DEVICE
    FR2853424A1 (en) ARCHITECTURE OF COMBINED POLYNOMIAL AND NATURAL MULTIPLIERS
    EP0262032B1 (en) Binary adder having a fixed operand, and a parallel/serial multiplier comprising such an adder
    EP0204612B1 (en) Method for transmitting data with a possibility for packet error correction, and coding and decoding apparatus for carrying out said method
    EP0475862B1 (en) High speed counter/divider and its application in a pulse swallow type counter
    EP0110767A1 (en) Fast binary multiplier
    FR2593948A1 (en) DEVICE FOR COSINUS TRANSFORMATION OF A SAMPLE DIGITAL SIGNAL
    FR2754616A1 (en) Division of elements in Galois field
    FR2739991A1 (en) IIR digital filter
    EP0690584A1 (en) Circuit for locating errors in a Reed-Solomon decoder
    EP0320352B1 (en) Numeric computation integrated circuit for convolution-like computations
    EP3048730A1 (en) Frequency synthesis device with feedback loop
    EP1071008A1 (en) Method for performing multiplication with accumulation in a Galois field
    FR2818765A1 (en) Modular multiplier for enciphering/deciphering data, comprises buffer memories to store Montgomery algorithm results and operands , multiplexors, multiplier, control unit, bistable circuits and adder
    EP0175623A1 (en) Device for the real-time processing of a digital signal by convolution
    EP0249538A1 (en) Analogous-digital encoder
    EP0327445A1 (en) Generalised digital multiplier, and digital filter using this multiplier

    Legal Events

    Date Code Title Description
    PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

    Free format text: ORIGINAL CODE: 0009012

    AK Designated contracting states

    Kind code of ref document: A1

    Designated state(s): DE FR GB IT

    17P Request for examination filed

    Effective date: 19960712

    RAP3 Party data changed (applicant data changed or rights of an application transferred)

    Owner name: STMICROELECTRONICS S.A.

    17Q First examination report despatched

    Effective date: 20000712

    GRAG Despatch of communication of intention to grant

    Free format text: ORIGINAL CODE: EPIDOS AGRA

    GRAG Despatch of communication of intention to grant

    Free format text: ORIGINAL CODE: EPIDOS AGRA

    GRAH Despatch of communication of intention to grant a patent

    Free format text: ORIGINAL CODE: EPIDOS IGRA

    RAP1 Party data changed (applicant data changed or rights of an application transferred)

    Owner name: STMICROELECTRONICS S.A.

    GRAH Despatch of communication of intention to grant a patent

    Free format text: ORIGINAL CODE: EPIDOS IGRA

    GRAA (expected) grant

    Free format text: ORIGINAL CODE: 0009210

    AK Designated contracting states

    Kind code of ref document: B1

    Designated state(s): DE FR GB IT

    PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

    Ref country code: IT

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; WARNING: LAPSES OF ITALIAN PATENTS WITH EFFECTIVE DATE BEFORE 2007 MAY HAVE OCCURRED AT ANY TIME BEFORE 2007. THE CORRECT EFFECTIVE DATE MAY BE DIFFERENT FROM THE ONE RECORDED.

    Effective date: 20020605

    REG Reference to a national code

    Ref country code: GB

    Ref legal event code: FG4D

    Free format text: NOT ENGLISH

    REF Corresponds to:

    Ref document number: 69526887

    Country of ref document: DE

    Date of ref document: 20020711

    GBT Gb: translation of ep patent filed (gb section 77(6)(a)/1977)

    Effective date: 20020720

    PLBE No opposition filed within time limit

    Free format text: ORIGINAL CODE: 0009261

    STAA Information on the status of an ep patent application or granted ep patent

    Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

    26N No opposition filed

    Effective date: 20030306

    PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

    Ref country code: DE

    Payment date: 20040812

    Year of fee payment: 10

    PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

    Ref country code: GB

    Payment date: 20050727

    Year of fee payment: 11

    PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

    Ref country code: FR

    Payment date: 20050809

    Year of fee payment: 11

    PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

    Ref country code: DE

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20060301

    GBPC Gb: european patent ceased through non-payment of renewal fee

    Effective date: 20060802

    REG Reference to a national code

    Ref country code: FR

    Ref legal event code: ST

    Effective date: 20070430

    PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

    Ref country code: GB

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20060802

    PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

    Ref country code: FR

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20060831